Demystifying the Realm of Endpoint Security

The first challenge in securing endpoints is understanding where and how they are vulnerable. Once you find the chinks in the armor, you set about obfuscating, hardening, spoofing, redirecting, or eliminating those vulnerabilities. If you can't hide, misdirect, or remove a vulnerability, you're forced to deal with it by developing some form of protective countermeasure that reduces the risk associated with its exploitation.

The best analogy for information security that I have ever run across likens its implementation to the swing of a pendulum. On one side of the arc you have accessibility; on the other, total security. The only way to guarantee total security is to completely lock down every available ingress and egress path for data, which of course renders the device useless. The closer you swing toward complete security, the less accessible your device becomes; the more available the device needs to be, the greater the potential for vulnerabilities. Like any analogy, this one is greatly generalized and simplified, but it is very useful for illustrating the impact that security has on performance and accessibility.

In reality, there's no such thing as a quick fix, and there are no silver bullets or panaceas. What works well in one application can fail miserably in another. The real magic behind any successful endpoint security initiative lies firmly in the architecture of the implementation, which must be highly customized to the particular context of the given network. Mastering endpoint security engineering means fully understanding the roles, requirements, expectations, and context surrounding the way a device is deployed and used. Only then are you fully equipped to determine the best possible security solution.
Through this blog, I'm going to do my best to simplify the components, concepts, and methodologies of endpoint security by comparing them to commonly identifiable scenarios and examples. I'm a firm believer that it's imperative to understand the strategy and philosophy of securing endpoints before you can logically focus on any of the specific techniques. There are hundreds of different ways to implement endpoint security countermeasures, and any administrator with access can flip a switch to turn off a service or shut down a port without understanding the true ramifications of doing so. The real challenge in implementing security for any living, breathing network is almost never a question of "how" to lock something down, but rather "how best" to lock it down so that it still does what you need it to do.